Cyber Monday Safe Shopping Tips

The last few years I’ve gotten asked by the media to talk about this. Here are my notes on best practices for staying safe shopping online over the holidays. I welcome ideas. Remember this is for “joe average user” and “suzy new ipad”, not the hacker, cracker, super freaks, and infosec geeks. So suggestions of one-time pad crypto don’t do much for working with Amazon.

The computer

Try not to use a shared computer or public terminal, like one at a hotel, for commerce

Don’t use an open wireless connection at Starbucks or a hotel for commerce

Make sure the computer is running anti-virus and security updates are installed

EXPERT LEVEL- Make sure your crypto services (certificates) are up to date

The shopper

Buy from those you know and who are reputable (more on this in a second)

Be savvy and don’t buy from unknown sources even for good deals

It’s not perfect but look for the lock icon (https)

If it looks too good to be true… it likely is

Use payment mechanisms that are fraud aware (shun wire transfer) and cash

Use a credit card with fraud protection over a debit card with none

EXPERT LEVEL- Use one-time-use credit cards

The store

Look at the URL (the address) and make sure it looks right

Some shopping apps shouldn’t be trusted.

Don’t click on links in emails; copy the link or type it in directly, even for trusted stores

Track your purchases, the email addresses you use, and where you use them

Do not use the same password for every website

If something doesn’t look right or the website doesn’t load, then back out and do not give it personally identifiable information

EXPERT LEVEL- Check with the Better Business Bureau

Gotchas

No matter what you do, things might go wrong

Offers from unknown entities for well known products (know who as well as what)
